C
HAPTER
25
| General Security Measures
Port Security
– 652 –
PORT SECURITY
These commands can be used to enable port security on a port.
When using port security, the switch stops learning new MAC addresses on
the specified port when it has reached a configured maximum number.
Only incoming traffic with source addresses already stored in the dynamic
or static address table for this port will be authorized to access the
network. The port will drop any incoming frames with a source MAC
address that is unknown or has been previously learned from another port.
If a device with an unauthorized MAC address attempts to use the switch
port, the intrusion will be detected and the switch can automatically take
action by disabling the port and sending a trap message.
port security This command enables or configures port security. Use the no form without
any keywords to disable port security. Use the no form with the
appropriate keyword to restore the default settings for a response to
security violation or for the maximum number of allowed addresses.
SYNTAX
port security [action {shutdown | trap | trap-and-shutdown}
| max-mac-count address-count]
no port security [action | max-mac-count]
action - Response to take when port security is violated.
shutdown - Disable port only.
trap - Issue SNMP trap message only.
trap-and-shutdown - Issue SNMP trap message and disable
port.
max-mac-count
address-count - The maximum number of MAC addresses that
can be learned on a port. (Range: 0 - 1024, where 0 means
disabled)
DEFAULT SETTING
Status: Disabled
Action: None
Maximum Addresses: 0
Table 77: Management IP Filter Commands
Command Function Mode
mac-address-table static Maps a static address to a port in a VLAN GC
port security Configures a secure port IC
show mac-address-table Displays entries in the bridge-forwarding database PE
To Next Page
Loading...
Need help?
General